CVE-2017-10720

Name of the Vulnerable Software and Affected Versions Shekar Endoscope (affected versions not specified)

Description The desktop application used to connect to the Shekar Endoscope device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This allows an attacker to execute code on the user's system directly, potentially gaining access to all the data the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" to send binary packets to the device, including a function called "sendchangename" that allows a user to change the Wi-Fi name on the device. This function calls a sub-function "sub 75876EA0" which determines the action to execute based on the parameters sent to it. The function uses the memmove function, which leads to a stack overflow when the length of the data string passed as the first parameter exceeds a certain limit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.